If users select internal Virtual Analyzer for testing suspicious files that DDI encounters, three network types can be selected and the selected network type determines the Internet connectivity of Virtual Analyzer.

When Management network is used, internal Virtual Analyzer connects to the Internet using the DDI management port. If Custom network is selected, internal Virtual Analyzer could connect to the Internet via another data port.

Details

Public

Recommendation

Since suspicious files analyzed by internal Virtual Analyzer might also trigger some malicious traffics, for instance, connecting back to the command and control servers, those traffics would be intercepted and will trigger certain DDI rules. To easily identify those detections that are from the internal Virtual Analyzer, Trend Micro recommends:

Setting up custom network and configuring a specific port for Virtual Analyzer traffic.

Geolocation Notification

Please approve access on GeoIP location for us to better provide information based on your support region.
If your location now is different from your real support region, you may manually re-select support region
in the upper right corner or click here.